security

  1. A

    Free SSL with cPanel ?

    I signed up for a hosting and just realised that I have an ssl certificate included. It says DV certificate issued by cPanel for your domain dot com Is it free forever ? My domain is valid for an year but the SSL says its valid for around 3 months only
  2. J

    What are the best cPanel plugins for security?

    The cPanel security apps page doesn't show when plugins were last updated. I already know CSF an ClamAV are great.
  3. M

    DCV challenge failure because of remote nameserver

    Since a Cpanel l update I am receiving the autossl error NS DCV: The DNS query to “_cpanel-dcv-test-record.mydomain” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=5sdsdfasdfYz6qCvsZkn5nN24y0HuUpb5fOqqadsr53qn9fe53ghU8WwQHbO6z3”.; HTTP DCV...
  4. N

    How to protect Clean Cpanel account from Infected Once

    Hi all, If one of the Cpanel accounts have virus/malware how to protect others cancel accounts from infection? Thanks
  5. A

    SOLVED 'You must reboot the server to apply kernel updates' persists after multiple reboots

    My VPS is running v86.0.18 (RELEASE) on CENTOS 7.8 and I have a persistent "You must reboot the server to apply kernel updates" warning that doesn't go away after rebooting (several times). The latest "yum -y update" results in "No packages marked for update' and "whmapi1 system_needs_reboot"...
  6. J

    Alternative exim port not added to firewall

    When I add a port to Exim, that port should get added to /etc/firewalld/services/cpanel.xml but it doesn't. This seems to be something new. Everything was fine for 20 years, now CPanel iptables implementation seems to be blocking the additional port as defined in Exim Configuration Manager. Or...
  7. R

    A problem I do not know have a solution

    Hello We have something that creates index files alone in files. Example <?php /ea2a0 / @include "\057home\057mzam\145er/p\165blic\137html\057Soun\144s/Al\055Jaze\145rah/\115oham\155ed_A\164eeq_\101l-Su\156awi/\056bfaf\06242b.\151co"; /ea2a0 / What solved this problem and where did it...
  8. J

    ModSecurity: collections_remove_stale: Failed to access DBM file

    We've looked at all the similar posts regarding this error, but all of the discussions apply to using mod_ruid2 or mpm_itk. We are using mpm_prefork & lsapi. Customer complained about not being able to consistently access his cPanel portal without having to reload the page, and sometimes...
  9. S

    Cant install my custom CSR

    Can anyone help me? I have my own custom CSR but I'm not able to install it on cpanel.
  10. W

    How to get email notification when kernel update is ready?

    Hi I would like to receive an email notification when a cpanel server needs a restart due to kernel update available? How can I enable that? Thanks
  11. R

    cPanel upgraded from Centos 6.8 to 7.7, what is new default firewall?

    I am using GoDaddy as my hosting provider. I just upgraded my service from their Gen3 VPS to a Gen4 VPS. The Gen3 VPS came with `ConfigServ Security & Firewall` - that is not available in the new Centos 7.7 Gen4 VPS. In fact, it appears there is no default FW of any sort in my new Gen4 VPS...
  12. P

    How to Improve Server Speed and Security.

    Sir how can I improve my server speed and security ? My Server's sites are working too much slow , is Thier any idea to increase Thier speed ?
  13. C

    Total Noob here - Cron issue

    We are receiving this message: /bin/sh: line 0: cd: /usr/local/cpanel/whostmgr/docroot/cgi/fantastico/scripts/: No such file or directory I have been asked to look into this but it is not my bailiwick. I'm happy to do the work if someone can clue me in on how to reset the script. I did search...
  14. D

    HTTP error 401Invalid Security TokenThe requested URL does not contain your session’s correct security token

    i get this error when am performing some functions like editng .htaccess or wp-config and alot more. below is the error i get; HTTP error 401 Invalid security token The requested URL does not contain the correct security token for your session. The reason for this error may be that you copied...
  15. A

    Keep getting alerts for "Software Security Notice - Script installs need upgrading" for non-existent installs

    Hello, I keep getting daily alerts for a WordPress installation, of which was originally created via cPanel, though no longer exists. Although it appears someone had deleted this by simply removing the physical files and database, cPanel must have a record somewhere through the Software...
  16. R

    Using Imunify360, but see this message "CSF is installed, but LFD is not running"

    I have Imunfy360 installed and CSF/LDF seem to be uninstalled. I see this message "CSF is installed, but LFD is not running" in the Security Advisor output. I realize the notice is not accurate and can be safely ignore it ( I double check for CSF/LDF via SSH, not installed ). Anything I can...
  17. L

    https://www.googletagmanager.com injected in all WHM Installations by cPanel Inc?

    It looks cPanel Inc. is delivering GoogleTagmanager Script inside WHM. I see that as a security risk and dataprivacy issue, when a thirdparty script is injected in the WHM console of every server. (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new...
  18. P

    Infected with a virus in a bunch of sites. Want to find a multi-line string and remove it from hundreds of files.

    I host a bunch of websites that got infected due to an insecure WordPress management plugin (InfiniteWP). I have WHM/cPanel, and ImunifyAV+ and ConfigServer Exploit Scanner. Those have failed to fully remove the injected scripts. ImunifyAV+ has removed a bunch, but for some reason, not all...
  19. S

    crond FAILED to open PAM security session (Permission denied)

    Hi, Yesterday, I noticed that cron Jobs stopped working. /var/log/cron logs: crond[13653]: (root) FAILED to open PAM security session (Permission denied) crond[13860]: (root) PAM ERROR (Permission denied) crond[13861]: (myuser) PAM ERROR (Permission denied) crond[13861]: (myuser) FAILED to...
  20. S

    SOLVED [CPANEL-26566] Security Advisor's PermitRootLogin check is inaccurate

    Just did cPanel upgrade to v80.0.9. Immediate issues I observed: 1) Security Advisor shows 'SSH direct root logins are permitted' and suggests 'Manually edit /etc/ssh/sshd_config and change PermitRootLogin to “without-password” or “no”, then restart SSH'. Note: my sshd_config was set to 'no'...